4 Ways to Prevent Data Breaches in the Healthcare Industry
2015 has seen a rise in health insurance fraud, with the most recent incident reported by Excellus BlueCross BlueShield (BCBS). The data breach was announced earlier this week, after being discovered on August 5th during an IT forensic security audit conducted by Mandiant. According to InfoWorld, attackers may have gained access to as many as 10 million personal information records, including name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information, and claims information. The affected individuals include plan members of Blue Cross Blue Shield who sought treatment at any one of their facilities located in the Excellus service area.
This data breach is another unfortunate example of why healthcare insurance companies need to ensure that the most recent IT security monitoring and intrusion prevention technologies are implemented.
1. More Frequent Data Breach Monitoring
While it has been reported that it takes companies 200 days, on average, to discover systems compromised by cyber attackers, it took Excellus BCBS 20 months to discover their data breach. Prompted by the recent outbreak of major healthcare data breaches, Excellus retained Mandiant (a forensic IT security audit firm), at which time they discovered that their data had been compromised. IT security experts agree that frequent and rigorous IT security audits could have uncovered these security vulnerabilities before the event, or at least minimized the delay in discovering the data breach.
2. Stronger Encryption of Customers' Personal Data
Not all encryption technologies are alike. Experts suggest companies capturing and storing customer personal and financial information should adopt more robust encryption technologies, such as bcrypt. Unfortunately, once cybercriminals gain access to a company’s administrative controls, as in the case of Excellus, encryption is no longer enough of a barrier to safeguard and prevent a data breach. Stronger encryption and IT network security controls play a significant role in delaying or deterring hackers seeking out an easy target.
3. Earlier Data Breach Reporting
The impact of a data breach on victims can be significantly reduced when companies notify customers as soon as they have discovered significant evidence that a data breach has occurred. It is also important for companies to notify the relevant authorities, such as the FBI, who are better equipped to identify cyber attackers before personal and financial data is exploited by way of cyber extortion schemes or health insurance scams. Companies that fail to notify customers that their personal information may have been compromised risk lawsuits and HIPAA fines. (See Ashley Madison Data Breach).
4. Avoid Planning IT Security around HIPAA Violation Fines
The best data security strategies are diluted and weakened when designed with the sole intent of avoiding HIPAA violation fines. Healthcare and financial institutions are being targeted, more than ever, by cyber criminals who are just as good at waging cyber attacks against prominent institutions as they are at covering up their identity.
IPR Secure’s highly secure and compliant Tier III data centers have proven 99.99% reliability, 24/7 customer tech support and flexible solutions to keep your IT systems up and running even when disaster strikes. To learn more about IPR’s robust suite of IT security and disaster recovery solutions, visit: http://iprsecure.com or call us today at 877.282.4873.